Technician
Guest
In article <[email protected]>, [email protected] says...
> Technician wrote:
>
> >>My FTP servers often get hit with anonymous connections - they're just kiddies looking for open
> >>servers where they can dump warez, etc.
> >
> >
> > Could be interesting. Just have to write a script that takes a win32 virus/worm/trojan
> > (preferably one that is really nasty and hard to detect), grabs the files in the "uploads"
> > directory, injects the virus/worm/trojan into the files, and places them in the "just_uploaded"
> > folder and then deletes the original "clean" file. It may not stop the warez problem, but at
> > least it will wreak havoc with their systems for a while, thus providing a form of cheap
> > entertainment. Silent backdoors are always fun (if only I had a few to toy with).
>
> You're getting into dodgy territory with virii. If you want to do something like that, look at
> honeypots.
I already looked into it and I don't have a spare PC to use.
>
>
> >>As for general security tips, turn off any unwanted services, install some decent IPTables rules
> >>and keep up to date with exploits by subscribing to security mailing lists or newsgroups.
> >>
> >
> > I have turned off all services that I can, and blocked ports for the others. The only ports that
> > are open that I can detect from the outside are 21 (FTP), 22 (SSH), 25 (SMTP), 80 (HTTP), 110
> > (POP3), 119 (NNTP), and 443 (HTTPS).
> >
> > FTP does not allow anonymous access. SMTP only relays for internal hosts, and only receives
> > mail for this domain. HTTP is as secure as HTTP can be. POP3 is just the inetd pop3 daemon; I
> > would like to change to something I can actually configure. NNTP is user/password protected and
> > provides access to local groups only (such as server news and user-created groups and so
> > forth). HTTPS is fairly secure as it uses my own certificate generated from a nice source of
> > random data.
>
> If you collect mail with SMTP, why are you running POP3?
>
>
Gotta check email somehow (from a different computer). The alternative is to log in via SSH and run
Pine to check mail. Keep in mind, root never connects to POP3. Root mail is forwarded to my account,
and then I check that account (my account is very low in the security food chain; the home
directory is in fact completely empty and shell access is blocked).
I am running an IDS so I can pick up at least the more common detectable attacks, and I monitor the
system logs for any suspicious activity.
I may not be a full network security guru, but I at least know some of the basics.
~Travis
--
To reply by email, remove clothes.
travis5765.homelinux.net, Primary Administrator TF Custom Electronic, Owner/Founder/Developer
(current project: Automotive exhaust flame-thrower)
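The "decent IPTables rules" suggested above, worked through for the port list Travis gives (21, 22, 25, 80, 110, 119, 443). This is an added example, not the poster's own ruleset: it builds a default-deny INPUT chain, allows loopback and return traffic, opens only the listed TCP ports for new connections, and rate-limit-logs everything else so the log monitoring has something to look at. The port list, the chain layout and the conntrack helper module name are assumptions. By default it only prints the commands (dry run); `--apply` runs them and needs root.

```shell
#!/bin/sh
# Added example: default-deny IPv4 iptables ruleset for the ports named in the post.
# Not the poster's configuration. Port list and layout are assumptions.
# Usage: ./fw.sh            (print the commands)
#        ./fw.sh --apply    (execute them; requires root and iptables)

ALLOWED_TCP_PORTS="21 22 25 80 110 119 443"   # assumed service list

gen_rules() {
    # FTP: passive-mode data connections come back as RELATED only if the
    # conntrack helper is loaded (assumed module name; older kernels call it ip_conntrack_ftp).
    echo "modprobe nf_conntrack_ftp"
    # Start clean and make the default policy DROP: anything not explicitly
    # allowed below never reaches a daemon.
    echo "iptables -F INPUT"
    echo "iptables -P INPUT DROP"
    echo "iptables -P FORWARD DROP"
    echo "iptables -P OUTPUT ACCEPT"
    # Loopback traffic is always permitted.
    echo "iptables -A INPUT -i lo -j ACCEPT"
    # Return traffic for connections this host opened, plus FTP data channels.
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # Malformed / out-of-state packets are dropped before any port check.
    echo "iptables -A INPUT -m state --state INVALID -j DROP"
    # One ACCEPT rule per exposed service, NEW connections only.
    for p in $ALLOWED_TCP_PORTS; do
        echo "iptables -A INPUT -p tcp --dport $p -m state --state NEW -j ACCEPT"
    done
    # Log a sample of what is being dropped (rate limited so a scan cannot fill the disk),
    # then drop explicitly so the count shows up in iptables -L -v.
    echo "iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix \"INPUT DROP: \""
    echo "iptables -A INPUT -j DROP"
}

# Sanity check: how many per-port ACCEPT rules did we generate?
count_accept_rules() {
    gen_rules | grep -c -- "--dport .* -j ACCEPT"
}

# Is a given TCP port opened by the generated ruleset? Exit 0 if yes.
port_is_open() {
    gen_rules | grep -q -- "--dport $1 -m state --state NEW -j ACCEPT"
}

case "$1" in
    --apply)
        # eval is needed because the LOG rule carries a quoted --log-prefix.
        gen_rules | while IFS= read -r cmd; do eval "$cmd" || exit 1; done
        ;;
    *)
        gen_rules
        ;;
esac
```

After applying, verify from a different host with a scan of all 65535 TCP ports; the scanner should see exactly the seven listed ports and nothing else, and the dropped probes should show up as "INPUT DROP:" lines in the kernel log.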